When we are talking about online virus scanner we can talk about two options, the first option is using an online virus scanner to scan our computer for viruses and other threats and the second option is to upload a suspected file to web site that contain a scanning service that will scan the upload file to check if the uploaded file is a known type of malware.
Let’s expand each of the option to understand more each one of the options.
Online virus scanner – scanning your computer:
Another day had passed, and you are again sitting in front of your computer, log in to your desktop to start do whatever you do with your computer. You are aware of computers security and have a password, even a good one that contain capital letters, small letters, number and even a special sign, as you log in, you see that your antivirus show you a nice small message that it had been updated and a new files were downloaded, and that it fully functional, you are starting to press on some buttons with you mouse and you get a feeling that something does not functional as it function the last time you work on your computer.
This is an example of a known behavior that may imply that your computer is infected with a virus, and yes it can be happened even if you have an installed up to date antivirus on your system.
As you probably know, there are a lot of antiviruses vendors, each one had its arsenal of antiviruses products, most of the time, there will be a free antivirus, for home users, with all the basic options, include real time monitor, file and memory scanner, option to schedule a daily or weekly scan, automatic updater and a web scanner, to check if the site you are about to enter contain a malicious code in it. There are some more advanced version of the anti-virus that cost money (in most cases) but include support and some more features that can help you and make your life more secure on the aspect of viruses, one of the feature can be using a cloud so that in case that a suspicious behavior in one computer on one side of the world is found can be alerted to all the other clients automatic and block it in case that if is found in another side of the world.
In our case, we are talking about an online service that can scan your computer, if we take a look again on a normal anti-virus that have to install itself into our computer and to download all the updated virus definition, in online virus scanner, it only download a small component that can scan your system with the last definition file to use in the scanning.
What is definition file?
A virus definition file is the virus signature database that the antivirus tool is loading to when scanning files, most of the file definition contains a signature that represent the virus, the virus size and some more information about the virus, like its name.
How does it work?
When you get into an online virus scanner site, you have a button to start the scanning, but before the scanning start the site ask you to download and install a small and lite file, this file can be an Active X (OCX base file, more about ActiveX https://en.wikipedia.org/wiki/ActiveX ) that can be installed into your web browser and can be used to start downloading and run (execute) other small components, like the scanner itself, an EULA (End User License Agreement) and the last definition file, that contain the viruses database.
Once all the necessary file had been downloaded the scanner can start to run and start scanning your system trying to find viruses on your system.
Is it safe?
As I menschen above, most of the online virus scanner are services that supported by known anti-viruses vendors, so I can say, if you trust the antivirus vendor, you can trust its online scanner tool, it is safe to use, and I am also recommended using online virus scanner even if you have an offline antivirus installed on your computer, this can be as a second opinion by another doctor without the need to install and configure the antivirus, oh and uninstall the other antivirus that already install on your computer.
So why do I need to install an antivirus?
There are 6 main reasons that I think it is recommend to use online virus scanner from time to time, and here they are:
- Second opinion.
- Does not involve in installation and uninstalling of software from your computer.
- Can be reach from anywhere that have an internet connection.
- Can be use freely.
- Does not involve in registration forms and so on.
- Lite in size.
But if it online why does I need to download files?
After all, you needs to run the tool, and it need to have a good and updated virus definition file, so to have all that, you must download some small files and the definition file to run and scan your computer , also the files that needs to be scan are on your local disk, so to have access to the disk web browsers must use type of files that are allow to use in order to get access to the file system, and that due to the fact that you do not want every site to be able to inject its own tool into your computer.
Online virus scanner – uploading a suspicious file:
Yes, the download is finish and the last episode of your favorite show was laying on your hard disk waits only for you to open your player and start watching it, this was send for you by your newly downloaded application that installed on your smart phone, you are thinking to yourself, today when I get home I will sit and watch this newly downloaded episode that I was waiting for. As you get home open your computer and enter your folder, you see that there is more than one file in the downloads folder, there is also a small icon with a nice word like/pdf like/zip like/movie like file, that you are not familiar with. What is my next step…
Oh, emails…emails, so old but yet still so in use, ok, so you open your email account, and after you press the send and receive button on the seventh time you only have about 100 new emails in your inbox and as always a lot of others in your spam folder, and we all know what in spam folder must be deleted ASAP. So you enter into the spam folder and take a quick look to see if the spam filter accidently mark an important email as spam and luckily you, your spam filter works great and your spam folder contains only spam messages, so the next step is to delete them, well the fun time is over and now we need to go into the inbox folder and start read your emails, and then you see an email with attachment, well, the sender looks like one of the sites you know, the information, especially the information about me is right, first name, last name, title and my phone number, so it probably another legit email from the site, and the attached file is a pdf file, so it must be a document with more information that concern me form the site, What is my next step…
In scenario one, I guess there are two common option, delete the file (or more right will be to say, move it to the recycle bin) or use our mouse and press the file to see what it is.
In scenario two, most of the people out there will open the attached file to see/read its content.
What is my next step?
Looking on every file that you download from the web as a suspicious file is a bit to become a paranoid, but some of the files, especially on email that you are not 100% sure about their origin and on file that looks like they appear out of nowhere on your computer, especially on folder that involve P2P software (re: emule, torrent etc) it will be good to do some extra check to the file. An email attach it is recommended to download it to your computer and not to automatically open it from the email, this is also recommended on files that are downloaded from the web.
You can for start, run your antivirus on the file to extra check that the file does not contain a virus, or you can use an online virus scanner that use some antiviruses engines from some vendors to check the file, and give you a nice report about the file from all the vendors, this can give you more reliable answer if the file that you have is any type of known threats.
Why do I need it?
An online virus scanner that scan a file using multi-vendor antivirus engine is a great tool that you can use to scan any file to get several “experts” that can tell you if the file contain any type of known threats, the services are free, most of the time, and only involve you by uploading the file to them.
Think about the following:
- It’s free.
- It’s fast.
- It’s give you an answer base on some vendors.
- It can be helpful in future use, in case of a new threat that was managed to discover by only one of the vendors.
Based on the fast spreads of threats, vendors are working really hard to keep up with new threats, and updating their engines and their definition files, and if you take this power and combine it to a one service that is based on a list of known anti something vendors you have a great tool that can be used over the global to discover new threats on automatic and update the vendors, after all most of the threats are contains code sections that can be discover as a problematic section by one or more vendors even if the vendor does not familiar with the full file.
How does it work?
There are some sites that contain this service, the big one Virus Total, it can scan local files and web urls to check if they contain any signature of a virus.
As an anti-something vendor I want to prove that my engine is the best so if I can I will add it to a site, like this one, and keep it updated to catch all the threats that it can. I will gain from it some expose to the market, some extra test that people will upload files to check the engine, and newly potential threats that the site will collect each day, that can help me, as a vendor, to improve my definition file.
So the vendor will try to add its engine to the site, the next thing is, the site will give the user an option to upload a file to the site, this way all the engines that the site have will scan the file and create a report about the file, the next step will be that the site will have to parse all the reports and to give a nice output report to the user.
Digital File signature:
A digital file signature is an algorithm that runs on the file, re: open the file, read it and for each bit from the file creates a signature, and create a one way signature for the file, that will represent the file, this signature will be unique for that file only, keep in mind that changing the file name does NOT infected on the signature of the file, only a change in the file data will affect the signature, this signature may be refer as a hash signature.
Examples of hash signature that can, and use, to represent a digital file signature are the MD5 and the SHA1 algorithm, you can read more about digital signature and/or the MD5 or SHA1 on the web, use your favorite search engine to find information about them.